Zscaler security vulnerability (CVE-2024-23483)

CVE-2024-23483 is an OS command injection vulnerability in the Zscaler Client Connector on macOS, affecting Client Connector versions below 4.2. It stems from improper input validation and allows remote attackers to inject OS commands, potentially enabling unauthorized access to and control over the affected system. The vulnerability has a high CVSS score of 9.8 due to its ease of exploitation (low complexity, no required privileges, and no user interaction) and its significant impact on confidentiality, integrity, and availability.

To address CVE-2024-23483, users should update their Zscaler Client Connector to version 4.2 or later, where this vulnerability has been mitigated. This update strengthens input validation and helps prevent malicious command injection. Users still running older Client Connector versions on macOS are strongly encouraged to upgrade to minimize the risk of exploitation.
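To find the macOS hosts that still need the update, the script below triages an inventory of installed Client Connector versions against the fixed release 4.2. It is an added example, not Zscaler tooling: the `hostname version` input format, the function names, and every host and version string in the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag macOS Client Connector installs below the fixed release.
FIXED_VERSION="4.2"   # fixed release named in the advisory

# version_lt A B: exit 0 when dotted version A is lower than B.
# Fields compare numerically, so 4.10 is newer than 4.2 (a string compare gets this wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}   # missing fields count as 0, so 4.2 equals 4.2.0.0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# classify VERSION: print vulnerable, patched, or unknown.
# Anything that is not purely digits and single dots is reported as unknown
# for manual review instead of being guessed at.
classify() {
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then echo "vulnerable"; else echo "patched"; fi
}

# triage: read "hostname version" lines on stdin, print "hostname version status".
triage() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "${version:-none}" "$(classify "$version")"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    cat <<'EOF'
mac-01 4.1.0.161
mac-02 4.2.0.198
mac-03 3.7
mac-04 4.10.1
mac-05 4.2-rc1
mac-06
EOF
}

sample_inventory | triage
```

Hosts reported as `unknown` (an unparseable or missing version) should be checked by hand rather than assumed patched.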
